[55368] in North American Network Operators' Group
Re: Level3 routing issues?
daemon@ATHENA.MIT.EDU (David Howe)
Tue Jan 28 06:38:06 2003
From: "David Howe" <DaveHowe@gmx.co.uk>
To: "Email List: nanog" <nanog@nanog.org>
Date: Tue, 28 Jan 2003 11:32:40 -0000
Errors-To: owner-nanog-outgoing@merit.edu
at Monday, January 27, 2003 7:50 PM, alex@yuriev.com <alex@yuriev.com>
was seen to say:
> This is not correct. VPN simply extends security policy to a different
> location. A VPN user must make sure that local security policy
> prevents other traffic from entering VPN connection.
This is nice in theory, but in practice is simply not true. even
assuming that the most restrictive settings are used (user may not
install software by admin setting, has no local administration on his
machine, IP traffic other than via the VPN is exclusive to the vpn
client) it is *still* possible that the machine could be compromised by
(say) an email virus who then bypasses security by any one of a dozen
routes.
